tailieunhanh - Firewalls and Internet Security, Second Edition, Part 2

experience, while executives review the processes. Most importantly, the process will allow the organization to learn over time. Crisis management, incident management, post-mortems, and change management and control processes were added in the first week.

A Security Review of Protocols: Lower Layers

[Figure 2-4 (diagram not reproduced). Columns: Client States, Messages, Server States. State labels: Connection open, Half-closed, Closed. Messages, in order:
P 87:94(7) ack 45 win 4096
. ack 94 win 4096
P 45:46(1) ack 94 win 4096
P 94:98(4) ack 46 win 4096
F 98:98(0) ack 46 win 4096
. ack 99 win 4096
F 46:46(0) ack 99 win 4096
. ack 47 win 4095]

Figure 2-4: TCP I/O. The TCP connection is full duplex. Each end sends a FIN packet when it is done transmitting, and the other end acknowledges. (All other packets here contain an ACK showing what has been received; those ACKs are omitted, except for the ACKs of the FINs.) A reset (RST) packet is sent when a protocol violation is detected and the connection needs to be torn down.

Basic Protocols

SCTP. Moreover, some of the new features, such as the capability to add new IP addresses to the connection dynamically, may pose some security issues. Keep a watchful eye on the evolution of SCTP; it was originally built for telephony signaling, and may become an important part of multimedia applications.

UDP

The User Datagram Protocol (UDP) [Postel, 1980] extends to application programs the same level of service used by IP. Delivery is on a best-effort basis; there is no error correction, retransmission, or lost, duplicated, or re-ordered packet detection. Even error detection is optional with UDP. Fragmented UDP packets are reassembled, however. To compensate for these disadvantages, there is much less overhead. In particular, there is no connection setup. This makes UDP well suited to query/response applications, where the number of messages exchanged is small compared to the connection setup and teardown costs incurred by TCP.
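The statement that error detection is optional in UDP, shown as an added example that is not from the book: over IPv4, a UDP checksum field of zero means the sender computed none, so the receiver cannot notice corruption. The function names, addresses and payload are constructed for illustration; the checksum follows RFC 768 over an IPv4 pseudo-header.

```python
import socket
import struct

SRC, DST = "192.0.2.10", "192.0.2.53"       # constructed (documentation range)
PAYLOAD = b"constructed sample query"        # constructed payload

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header that the UDP checksum also covers (protocol 17)."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 17, udp_len))

def build_udp(src, dst, sport, dport, payload, with_checksum=True) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    if not with_checksum:
        return header + payload              # field 0: sender computed none
    csum = ~ones_sum(pseudo_header(src, dst, length) + header + payload) & 0xFFFF
    csum = csum or 0xFFFF                    # a computed 0 is sent as all ones
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def check_udp(src: str, dst: str, datagram: bytes) -> str:
    """Classify a UDP datagram as 'absent', 'valid', 'invalid' or 'malformed'."""
    if len(datagram) < 8:
        return "malformed"
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        return "malformed"
    if csum == 0:
        return "absent"                      # receiver has nothing to verify
    total = ones_sum(pseudo_header(src, dst, length) + datagram[:length])
    return "valid" if total == 0xFFFF else "invalid"

def corrupt(datagram: bytes) -> bytes:
    """Flip one bit in the last payload byte, as line noise might."""
    return datagram[:-1] + bytes([datagram[-1] ^ 0x01])

if __name__ == "__main__":
    for label, with_csum in (("checksummed", True), ("no checksum", False)):
        d = build_udp(SRC, DST, 40000, 53, PAYLOAD, with_csum)
        print(label, check_udp(SRC, DST, d), "->", check_udp(SRC, DST, corrupt(d)))
```

A monitoring rule built on `check_udp` can count "absent" results per service to find senders that have switched the checksum off.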
When UDP is used for large transmissions, it tends to behave badly on a network. The protocol itself lacks flow control features, so it can swamp hosts and routers and
